Wells Fargo Application Security Info Security Engineer 6 in Charlotte, North Carolina

At Wells Fargo, we have one goal: to satisfy our customers’ financial needs and help them achieve their dreams. We’re looking for talented people who will put our customers at the center of everything we do. Join our diverse and inclusive team where you’ll feel valued and inspired to contribute your unique skills and experience.

Help us build a better Wells Fargo. It all begins with outstanding talent. It all begins with you.


Corporate Risk helps all Wells Fargo businesses identify and manage risk. We focus on three key risk areas: credit risk, operational risk and market risk. We help our management and Board of Directors identify and monitor risks that may affect multiple lines of business, and take appropriate action when business activities exceed the risk tolerance of the company.

You’ve got the passion. You’ve got the skills. Are you looking for the next opportunity to learn and grow? At Wells Fargo, we offer a supportive environment where team members can cultivate their careers and make a difference within our company and the communities we serve.

Since 1852, customers have trusted that Wells Fargo would keep their assets secure from theft and always available. Today, maintaining customer trust remains our underlying operating principle. Enterprise Information Security’s (EIS) vision is to provide Wells Fargo world leading cyber security risk management. Through a framework that addresses policy, process, operations, people, and technology, EIS protects Wells Fargo’s infrastructure, corporate data, and customer assets, and ensures alignment with applicable regulations and laws. EIS is part of Wells Fargo's Corporate Risk organization and is led by the Chief Information Security Officer.

This position is on the Enterprise Application Security Program (EASP) group within the Wells Fargo Enterprise Information Security organization. This is an exciting opportunity to join a team committed to enabling the secure development of software across the enterprise. The Enterprise Application Security Program (EASP) integrates security through all phases of the Systems Development Life Cycle (SDLC) and has been “shifting security left” by providing the processes, tools, and governance to enable development teams to build secure software.

This role will be a technical lead position for the EASP program with an emphasis on automating security capabilities for integration/consumption within Continuous Integration/Continuous Deployment (CI/CD) and/or SecDevOps ecosystems. This position will design, develop, and implement complex and highly-technical security solutions that provide software security capabilities (e.g. Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), integrated security testing, software composition analysis) as consumable services. This position will identify emergent software security vulnerabilities and threats, and design enterprise solutions to identify and remediate those vulnerabilities within the SDLC prior to production release. This individual will define strategies for capability automation and delivery to disparate systems across the enterprise. This role will develop policy and process, write documentation, and collaborate with build and release teams to integrate tools. This individual will provide mentoring to lesser experienced staff and collaborate with an offshore development team.

Required Qualifications:

  • 10+ years of information security applications and systems experience

  • 5+ years application security vulnerability detection and mitigation experience with Open Web Application Security Project (OWASP) Top 10 and SANS Common Weakness Enumeration Top 25

  • 5 + years of .Net and Java application development experience or a combination of both

  • 5+ years of experience in application automation and integration

Desired Qualifications:

  • Expert knowledge and understanding of information security practices and policies, including Information Security Frameworks, Standards, and best practices

  • Ability to manage highly complex issues and negotiate solutions

  • Excellent verbal and written communication skills

  • Ability to interact and communicate effectively with all levels of an organization; including at the executive level

  • Experience defining and/or developing business initiatives that require integration of multiple technology systems

  • Experience leading projects that require integration of multiple technology systems to deliver new online functionality and user experience

  • Knowledge and understanding of threat analysis and assessment of potential and current information security risk/threats

  • A BS/BA degree or higher in science or technology

How to Express Interest in This Job: Wells Fargo invites you to apply for this job at https://employment.wellsfargo.com/psc/PSEA/APPLICANTNW/HRMS/c/HRSHRAMFL.HRSCGSEARCHFL.GBL?Page=HRSAPPJBPST_FL&FOCUS=Applicant&SiteId=1&JobOpeningId=5400009&PostingSeq=1.

All offers for employment with Wells Fargo are contingent upon the candidate having successfully completed a criminal background check. Wells Fargo will consider qualified candidates with criminal histories in a manner consistent with the requirements of applicable local, state and Federal law, including Section 19 of the Federal Deposit Insurance Act.

Relevant military experience is considered for veterans and transitioning service men and women.

Wells Fargo is an Affirmative Action and Equal Opportunity Employer, Minority/Female/Disabled/Veteran/Gender Identity/Sexual Orientation.

Relevant military experience is considered for veterans and transitioning service men and women.

Wells Fargo is an Affirmative Action and Equal Opportunity Employer, Minority/Female/Disabled/Veteran/Gender Identity/Sexual Orientation.